Let's face it: Anything that's connected these days can be hacked, including cars. But while more cars are getting connected, it doesn't mean more are getting hacked. And vehicles are still pretty low on the list of hacking targets.

But you wouldn't think that if you watched 60 Minutes last month, or read a report from Massachusetts Senator Ed Markey. The 60 Minutes segment ostensibly was about the Pentagon's Defense Advanced Research Projects Agency's (DARPA) focus on security as the Internet of Things (IoT) is set to connect millions of consumer devices ranging from thermostats to smartwatches.

The head of DARPA's Information Innovation Office, which is tasked with spearheading IoT cybersecurity, pointed out on 60 Minutes that the military is the target of cyber attacks "every day" and that they are "dramatically increasing." Yet most of the segment centered on car hacking, a threat that has so far been negligible.

To frighten viewers into thinking that hacking is coming soon to connected cars, 60 Minutes correspondent Lesley Stahl was videoed behind the wheel of a vehicle, while a DARPA representative remotely controlled functions like the windshield washer and horn. And the crescendo came when the White Hat DARPA hacker disabled the car's brakes, causing it to crash through a set of orange cones as Stahl desperately stabbed the brake pedal.

The 60 Minutes segment was a perfect setup for the report from Senator Markey, which arrived the following day—and likely not a coincidence. The report said that after probing the practices of 16 automakers, it found "a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle."

But lost in the hype is that fact that—not counting hacks done for research and publicity purposes—to date there's been a total of one car hacking incident. And that was performed by a disgruntled former car dealer employee who had access to a system that allows repossessing cars by disabling the ignition system or honking the horn to embarrass owners who are behind on loan payments. No cars, cones, or people were harmed in the hack.

The report also said that automakers don't have methods in place to detect security breaches and promptly respond to them, which is partly true. Automakers on the cutting edge of connectivity, such as Tesla and BMW, have been caught off guard by vulnerabilities discovered by third parties. For both BMW and Tesla, it was security flaws that could allow hackers to remotely locate a car and unlock the doors (although not start the engine and drive away). And in both cases, an over-the-air software patch was pushed to the affected cars to promptly solve the problem.

This is not to diminish the imminent and pressing need to protect vehicles as they start to become connected, or to let automakers off the hook on securing their connected cars. All the hoopla will certainly help hold automakers' feet to the fire on connected car security, since it's clear that connected cars will be hacked at some point, even if the threat is currently overblown.

"The fear mongering gets people to be diligent about this because you don't want unintended consequences" said John Ellis, formerly global technologist at Ford and now running the consultancy firm Ellis & Associates. "But it's nowhere near this cataclysmic event that people keep hearing about, and the car companies are hiring security people and taking this more and more seriously."

Ellis added that "with enough time and diligence," hackers could cause a certain amount of havoc by gaining access to a connected car. But he said that "right now it's really, really hard to do" and most automaker shield critical systems like braking and steering from features that can be controlled remotely, like door locking or vehicle location.

In addition, there's currently little incentive for hackers to attack cars, beyond maliciousness. "Given the [monetary] motivation of most hackers, the chance of [car hacking] is very low," observed Damon McCoy, an assistant professor of computer science at George Mason University and a car security researcher, at an event I coproduced last year during SXSW Interactive in Austin, Texas. For now, only the hype surrounding car hacking is very high. And it likely will continue, since it makes for great headlines.

Read More

About the Author

Doug Newcomb is a recognized expert on the subject of car technology within the auto industry and among the automotive and general media, and a frequent speaker at automotive and consumer electronics industry events. Doug began his career in 1988 at the car stereo trade publication Mobile Electronics, before serving as editor of the leading consume... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.